The threat index looks at the most common active malware variants and trends as cyber criminals evolve toward crypto-mining and multipurpose malware.

A second-stage downloader, SmokeLoader, first identified back in 2011, jumped to ninth place on the December top-10 list. “After a surge of activity in the Ukraine and Japan, its global impact grew by 20. SmokeLoader is mainly used to load other malware, such as Trickbot Banker, AZORult Infostealer and Panda Banker,” according to a press release.

“December’s report saw SmokeLoader appearing in the top 10 for the first time. Its sudden surge in prevalence reinforces the growing trend towards damaging, multipurpose malware in the Global Threat Index, with the top 10 divided equally between crypto-miners and malware that uses multiple methods to distribute numerous threats,” said Maya Horowitz, threat intelligence and research group manager at Check Point.

“The diversity of the malware in the Index means that it is critical that enterprises employ a multilayered cybersecurity strategy that protects against both established malware families and brand new threats.”

Open-source CPU mining software XMRig followed behind Coinhive, and JavaScript miner Jsecoin rounded out the top three, demonstrating that diversity.

For mobile malware, Triada, a modular backdoor for Android that grants super-user privileges to downloaded malware, ranked number one.

“Check Point researchers also analyzed the most exploited cyber vulnerabilities. Holding on to first place was CVE-2017-7269, whose global impact also rose slightly to 49%, compared to 47% in November. In second place was OpenSSL TLS DTLS Heartbeat Information Disclosure, with a global impact of 42% closely followed by PHPMyAdmin Misconfiguration Code Injection with an impact of 41%,” the press release stated.

Not surprisingly, the report also reflected a rise in banking Trojans, particularly in the data-stealing Trojan, Ramnit, which ranked eighth on the top-10 list.